<?php
header("Content-type: text/html; charset=utf-8");

function dowith_sql($str)
{
    $refuse_str="and|or|select|update|from|where|order|by|*|delete|'|insert|into|values|create|table|database";
    $arr=explode("|",$refuse_str);
    for($i=0;$i<count($arr);$i++)
    {
        $replace="[".$arr[$i]."]";
        $str=str_replace($arr[$i],$replace,$str);
    }
    return $str;
}
foreach ($_GET as $key=>$value)
{
    $_GET[$key]=dowith_sql($value);

}
foreach ($_POST as $key=>$value)
{
    $_POST[$key]=dowith_sql($value);

}

$mysqli  = new  mysqli ( "localhost" ,  "root" ,  "123456" ,  "my_db" );
$mysqli -> query ("set names 'utf8'");

$size = 2;
$page = addslashes($_GET['page']);
echo $page;
$page = intval($page);
$start = ($page-1) * $size;//0

$result = $mysqli -> query ( "SELECT * FROM imgs limit $start,$size" );

$list = [];
while ($row = mysqli_fetch_array($result,MYSQLI_ASSOC))
{
    $list[] = $row;
}
echo json_encode($list);

$mysqli -> close ();